Phishing Email Archives - Page 2 of 4

Latin America Banks Targeted by BBTok Malware Variant

anti malware, antivirus software, banking malware, banking trojan, BBTok Malware, firewall, Ophtek, Phishing Emailanti-malware, antivirus, banking malware, BBTok, firewall, malware, Ophtek, phishingOphtek, LLC

Nov 2023

Back in 2020, a new banking trojan by the name of BBTok emerged into the digital landscape and was responsible for numerous attacks. And now it’s back.

Banks in Brazil and Mexico appear to be the main targets of BBTok’s new campaign, and it’s a variant which is far more powerful than any of its previous incarnations. Its main deceptive threat is that it is able to spoof the interfaces of 40 different banks in Brazil and Mexico. This means that it’s perfectly placed to harvest sensitive data. In particular, this new strain of BBTok is deceiving victims into disclosing their credit card details and authentication codes. This gives the campaign a financial angle and highlights the serious threat it poses.

How Does BBTok Launch Its Attacks?

BBTok’s latest strategy begins with a phishing email, one that contains a malicious link which kickstarts the attack by launching the malware alongside a dummy document. BBTok is particularly successful as it has been coded to deal with multiple versions of Windows, and it also tailors the content of the attack to both the victim’s country and operating system. BBTok also allows the threat actors behind it to execute remote commands and steal data without the victim being aware.

Most notably, however, is the way in which BBTok replicates the interface of numerous banking websites – such as Citibank and HSBC – to truly deceive the victim. Appearing to be genuine at first glance, these interfaces are used to trick victims into entering security codes and passwords associated with their accounts. This gives the threat actors full access to their financial data and, more disturbingly, full control over their finances. This means that unauthorized payments and bank transfers can quickly land the victim in severe financial trouble.

How to Stay Safe from Banking Malware

In an increasingly digital world, where we all make numerous financial transactions online every week, it’s important to remain guarded against banking malware. As well as the financial damage that malware such as BBTok can cause, it can also create a foothold for threat actors to delve deep into your networks. And this represents a major threat to the security of both your data and your customer’s data. Accordingly, you need to stay safe, and here are some crucial tips to help you:

Beware of phishing emails: your employees should always be cautious when opening emails or clicking on links from unknown sources. As with BBTok, many banking trojans spread through phishing emails which trick you in to visiting fake banking websites. This provides threat actors with the perfect opportunity to harvest your credentials. Therefore, make sure that your employees know how to quickly identify a phishing email and what to do with them.
Install a firewall: putting a firewall in front of your network is a vital step in strengthening your digital defenses. Firewalls act as keen-eyed gatekeepers who scrutinize incoming and outgoing traffic, this allows them to determine whether traffic is trusted and whether any alarms need to be raised. Banking trojans, of course, often transmit stolen data out of your network, so a firewall is the perfect way to identify and prevent this activity.
Strong endpoint security: to protect your network against malware, it’s essential that you employ robust cybersecurity measures throughout your business. In particular, employee workstations and mobile devices are most at risk, so installing advanced antivirus and anti-malware software here should be a priority.

For more ways to secure and optimize your business technology, contact your local IT professionals.

A Remote Access Trojan (RAT) is one of the most common forms of malware you are likely to encounter, and it’s crucial you understand what they are.

It’s important for all organizations to be aware of the danger posed by a RAT in terms of cybersecurity. After all, a RAT could easily take down your entire IT infrastructure or compromise your business data. And all it takes is one mistake for your team to fall victim to a RAT. Due to the severity posed by RATs, we’re going to define what a RAT is, how they work, and the best way to defend and protect against this threat.

The Basics of a RAT

A RAT is a strain of malware which is designed to give threat actors unauthorized access and control over a victim’s PC from a remote location. This is always completed without the victim’s consent, a fact made possible by the stealthy nature of a RAT.

For a RAT to succeed, it first needs to infect the victim’s PC, and this can be achieved in the following ways:

Phishing emails may be used to send malicious attachments which, once opened, activate the RAT and allow it to access the PC it is on.
Malicious downloads may be activated by unsuspecting users who are downloading them from illegal file sharing websites.
If hardware and software is not updated regularly, there is a chance that vulnerabilities may be discovered which a RAT can exploit.

RATs are stealthy types of malware and this cloak of invisibility is put in place by changes that the RAT makes to system settings and registry entries. With this deception in place, a RAT is then able to communicate to a command and control (C&C) server located in a remote location. This C&C server allows the RAT to transmit stolen data and, at the same time, gives the threat actor the opportunity to send commands directly to the RAT.

Some notable examples of RATs are ZuroRat from 2022, NginRAT from 2021 and, more recently, the QwixxRAT attack. All of these examples share one key thing in common: their main objective is to cause digital chaos for all those who fall victim. Accordingly, your organization needs to understand how to defend themselves against these threats.

Detecting and Protecting Against RATs

Protecting your IT infrastructure is far from difficult. In fact, as long as you implement the following measures, it’s relatively easy:

Always update your antivirus and anti-malware software. These security suites have the potential to put a strong barrier in place and detect any incoming malware. However, they also rely on regular updates to keep up to date on the latest threats. Therefore, you need to make sure these are put in place to maximize your defenses.
Make sure that network monitoring solutions are implemented to combat unauthorized network access. This means that your IT team will be able to identify unusual network traffic patterns and take actions to shut this down.

Email and web filtering can seriously reduce your risk of falling victim to a RAT. These excellent pieces of software will analyze and block any malicious attachments before they have a chance to reach your email inbox.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Malware Spies on Gmail and AOL Inboxes

malicious browser extension, Ophtek, Phishing Email, SHARPEXT, Volexitymalicious browser extension, Ophtek, phishing email, SHARPEXT, VolexityOphtek, LLC

Aug 2022

Webmail remains a crucial way in which you can keep on top of your digital communication, but what happens when people start spying on it?

While AOL email addresses are far from a popular choice in 2021, there are still significant numbers in use. Gmail, however, is much more in demand, with an estimated 1.8 billion users. So, it doesn’t take a genius to see why these platforms would turn a hacker’s head. Protecting such huge amounts of data, therefore, should be paramount. Unfortunately, both AOL and Gmail have fallen short in this respect due to a malicious browser extension. And the main impact of this is that their users have found their webmail accounts compromised.

With such significant data passing through webmail accounts, it’s important that you understand any relevant threats. This slice of malware – dubbed SHARPEXT – is the perfect example of one you need to be on your guard against, so let’s take a look at it.

How Does SHARPEXT Peer Over Your Shoulder?

The infected browser extensions are believed to target three specific browsers: Chrome, Edge and Naver Whale (a South Korean browser). Judging by the evidence on offer, security researchers have determined that SHARPEXT is the work of a North Korean cybercrime group known as SharpTongue. Once the malicious browser extension is activated, it works in a novel way. Whereas similar strains of malware focus on harvesting login credentials, SHARPEXT browses its victims mail and extracts individual emails from the inbox.

You may be wondering how the SHARPEXT extension finds its way into your browser, after all, who would knowingly install a sophisticated piece of spyware on their PC? Well, as ever, it’s down to a stealthy approach by the threat actors. After sending the victim an infected document, SharpTongue use social engineering techniques to convince the recipient to open it; this installs the spyware in the background, where it remains unseen by antivirus software.

How Do You Avoid the Threat of SHARPEXT?

No one wants their email compromised and, for an organization, this can be particularly troubling due to the data at risk. And SHARPEXT is unlikely to be the last attack which uses similar techniques. Therefore, it’s vital that you know how to protect yourself and your PC against it:

Understand the threat of phishing emails: it’s important that your staff know how to identify a phishing email; these are one of the most common methods employed by hackers to compromise PCs. A phishing attack can be activated in seconds and, in a worst-case scenario, turn over complete control of a PC or network to a hacker.

Block any SHARPEXT identifiers: the coding used within SHARPEXT is innovative as it uses coding unfamiliar to security tools. Thankfully, security experts Volexity have compiled a list of identifying code which IT professionals can use to identify extensions running SHARPEXT.

Restrict the Installation of Extensions: in a work-based setting, there’s little reason for your employees to be installing browser extensions onto their PCs. Accordingly, it makes sense for your organization to restrict who can install extensions. If a specific extension is required, then an employee should submit a request to their IT team.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Beware of Online Tax Scams

Hacking, Ophtek, Phishing, Phishing Email, Security, Security Threats, Tax Scamshacking, Ophtek, phishing, security, tax scamsOphtek, LLC

Jan 2021

Many of us will have started preparing our tax returns and hackers are well aware of this. Therefore, it pays to be aware of the numerous online tax scams.

Nobody likes completing tax returns due to the vast amount of data involved. However, they’re essential for organizations to remain operating. And that’s why we spend hours and hours collecting receipts and details for transactions; this is where all the data builds up. Hackers, of course, like nothing more than getting their hands on huge amounts of data. This data can be used for both financial gain and damaging an organization. Accordingly, tax season is their hunting season.

Tax Scams to Look Out For

Countless tax scams are currently circulating in the digital wild, but these are the most common ones you will encounter:

Automatic Tax Payment Deduction: A number of emails have been discovered which claim to originate from the Income Tax Department. These emails falsely claim, in order to generate anxiety, that a tax payment has automatically been deducted from their bank account. An attachment is included which masquerades as a receipt for this transaction. Hackers hope that the recipient’s anxiety and confusion will cause them to open this receipt. Unfortunately, contained within this ‘receipt’ is a slice of malware named W32.Golroted.

Fake Government Websites: A popular method for scamming victims out of money is by designing Government websites which look authentic, but are fake. Using information which has usually been stolen through malicious files or social engineering, these fake websites inform victims that they have received a tax fine. The only way to pay this fine is by wiring payment or purchasing general purchase reloadable cards. However, there is no fine to pay and all the victim will be doing is bankrolling the hackers.

IRS Tax Return is Locked: The last few years have seen the emergence of a phishing email which claims that access to the recipient’s tax return has been restricted. The email is designed to look as though it has been sent by the IRS or, sometimes, the manufactures of the popular TurboTax software. The truth is that the email is fake and has been sent by hackers. The email will urge recipients to click on a link which will take them to a malicious website where their personal information will be stolen.

Staying Safe During the Tax Season

Despite the number of online tax scams it’s easy to stay safe during the tax season. All you have to do is follow these best practices:

Remember that the IRS will never contact you by email to discuss the nature of your tax return or your personal details.
Verify the true identity of any suspicious links by hovering your mouse cursor over the link. A popup will then display where the link will send you.
Never send personal documents to unsolicited email requests as it is likely that a hacker is trying to harvest your details
Emails that claim to be from official organizations, but do not use your name are to be treated as highly suspicious and should be deleted.

For more ways to secure and optimize your business technology, contact your local IT professionals.

How to Protect Yourself against Social Engineering

Hacking, Ophtek, Phishing, Phishing Email, Security Threats, social engineeringhackers, Ophtek, phishing, security, social engineeringOphtek, LLC

Aug 2020

Hackers thrive upon deception and the result of this endeavor is social engineering. It’s a powerful tactic and one you need to protect yourself from.

Social engineering has been used to deploy attacks such as the Coronavirus malware and the recent attack on high profile Twitter accounts. The method is intriguing due to its sophistication and its human element. Rather than relying on complex coding techniques to outwit computer systems, social engineering takes advantage of human naivety. More importantly, however, is the sheer destruction that it can cause.

The world is a perilous place at the best times, but now more than ever we need to make sure we protect ourselves and our businesses. One of the best ways to get started is by reinforcing the barricades against social engineering.

What is Social Engineering?

Manipulation is, in a word, exactly what social engineering is. But you’re going to need a little more information than that, so let’s take a closer look.
Social engineering is a process in which one party seeks to deceive individuals into revealing sensitive information. When it comes to the world of IT this sensitive data tends to relate to login credentials, but can also involve transferring sensitive documents such as employee records. These attacks are commonly executed through the use of phishing emails, but this is not the only technique. It’s possible for hackers to carry out social engineering attacks over the telephone and even face to face.

The Best Ways to Protect Yourself

Protecting yourself against social engineering takes a concerted effort. You can’t rely on software alone to protect you. Luckily, you can strengthen your personal defenses by practicing the following:

• Take Your Time: Social engineering relies on a lack of caution on the victim’s part. Therefore, it’s crucial that you always take your time when it comes to any form of communication. A social engineer will do their best to force you into making a quick decision e.g. clicking a link or disclosing your password. To counter this, evaluate all requests and press for answers if you feel even slightly suspicious.

• Use Email Filters: There have been great advances made in email filters over the course of the last 20 years. Where these junk filters once had relatively little use they are now highly intelligent. Enabling your email filters will enhance your security and prevent the majority of phishing emails making their way into your inbox. This reduces your risk and stops you from engaging with a social engineer.

• Too Good to Be True: As with all areas of life, if something sounds too good to be true then it makes sense to be suspicious. After all, it’s unlikely that a representative for an African prince wants to deposit millions of dollars into your bank account. And, if they did, why would they require your social security number? And your workplace login credentials? As a rule of thumb, if it sounds like a scam then it probably is and should be deleted.

• Is the Source Genuine: If an email says that it’s from your bank then this doesn’t mean it’s from your bank. Likewise, a phone call from your HR team isn’t necessarily genuine. Hackers specialize in trickery and deception, so they won’t shy away from such blatant and direct approaches. Always check every request for details such genuine URL details (by hovering over a link) and only transmitting sensitive data to internal email addresses.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 4 Next »

Category Archives: Phishing Email

Tax Scams to Look Out For

Staying Safe During the Tax Season

What is Social Engineering?

The Best Ways to Protect Yourself